- 所有SQL执行器端点改用 require_admin 权限校验
- /sql/execute - 执行SQL
- /sql/validate - 验证SQL
- /sql/tables - 获取表列表
- /sql/table/{name}/schema - 获取表结构
@@ -12,7 +12,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
|
|||||||
from sqlalchemy.engine.result import Result
|
from sqlalchemy.engine.result import Result
|
||||||
import structlog
|
import structlog
|
||||||
|
|
||||||
from app.core.deps import get_current_user, get_db
|
from app.core.deps import get_current_user, get_db, require_admin
|
||||||
try:
|
try:
|
||||||
from app.core.simple_auth import get_current_user_simple
|
from app.core.simple_auth import get_current_user_simple
|
||||||
except ImportError:
|
except ImportError:
|
||||||
@@ -57,7 +57,7 @@ def serialize_row(row: Any) -> Union[Dict[str, Any], Any]:
|
|||||||
@router.post("/execute", response_model=ResponseModel)
|
@router.post("/execute", response_model=ResponseModel)
|
||||||
async def execute_sql(
|
async def execute_sql(
|
||||||
request: Dict[str, Any],
|
request: Dict[str, Any],
|
||||||
current_user: User = Depends(get_current_user),
|
current_user: User = Depends(require_admin),
|
||||||
db: AsyncSession = Depends(get_db)
|
db: AsyncSession = Depends(get_db)
|
||||||
) -> ResponseModel:
|
) -> ResponseModel:
|
||||||
"""
|
"""
|
||||||
@@ -74,7 +74,7 @@ async def execute_sql(
|
|||||||
- 写入操作:返回影响的行数
|
- 写入操作:返回影响的行数
|
||||||
|
|
||||||
安全说明:
|
安全说明:
|
||||||
- 需要用户身份验证
|
- 需要管理员权限
|
||||||
- 所有操作都会记录日志
|
- 所有操作都会记录日志
|
||||||
- 建议在生产环境中限制可执行的 SQL 类型
|
- 建议在生产环境中限制可执行的 SQL 类型
|
||||||
"""
|
"""
|
||||||
@@ -196,11 +196,13 @@ async def execute_sql(
|
|||||||
@router.post("/validate", response_model=ResponseModel)
|
@router.post("/validate", response_model=ResponseModel)
|
||||||
async def validate_sql(
|
async def validate_sql(
|
||||||
request: Dict[str, Any],
|
request: Dict[str, Any],
|
||||||
current_user: User = Depends(get_current_user)
|
current_user: User = Depends(require_admin)
|
||||||
) -> ResponseModel:
|
) -> ResponseModel:
|
||||||
"""
|
"""
|
||||||
验证 SQL 语句的语法(不执行)
|
验证 SQL 语句的语法(不执行)
|
||||||
|
|
||||||
|
权限:需要管理员权限
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
request: 包含 sql 字段的请求
|
request: 包含 sql 字段的请求
|
||||||
|
|
||||||
@@ -253,12 +255,14 @@ async def validate_sql(
|
|||||||
|
|
||||||
@router.get("/tables", response_model=ResponseModel)
|
@router.get("/tables", response_model=ResponseModel)
|
||||||
async def get_tables(
|
async def get_tables(
|
||||||
current_user: User = Depends(get_current_user),
|
current_user: User = Depends(require_admin),
|
||||||
db: AsyncSession = Depends(get_db)
|
db: AsyncSession = Depends(get_db)
|
||||||
) -> ResponseModel:
|
) -> ResponseModel:
|
||||||
"""
|
"""
|
||||||
获取数据库中的所有表
|
获取数据库中的所有表
|
||||||
|
|
||||||
|
权限:需要管理员权限
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
数据库表列表
|
数据库表列表
|
||||||
"""
|
"""
|
||||||
@@ -290,12 +294,14 @@ async def get_tables(
|
|||||||
@router.get("/table/{table_name}/schema", response_model=ResponseModel)
|
@router.get("/table/{table_name}/schema", response_model=ResponseModel)
|
||||||
async def get_table_schema(
|
async def get_table_schema(
|
||||||
table_name: str,
|
table_name: str,
|
||||||
current_user: User = Depends(get_current_user),
|
current_user: User = Depends(require_admin),
|
||||||
db: AsyncSession = Depends(get_db)
|
db: AsyncSession = Depends(get_db)
|
||||||
) -> ResponseModel:
|
) -> ResponseModel:
|
||||||
"""
|
"""
|
||||||
获取指定表的结构信息
|
获取指定表的结构信息
|
||||||
|
|
||||||
|
权限:需要管理员权限
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
table_name: 表名
|
table_name: 表名
|
||||||
|
|
||||||
|
|||||||